V9 Redirect Virus

By ZulaZuza in Viruses

Translate To:

Threat Scorecard

Popularity Rank:	2,008
Threat Level:	50 % (Medium)
Infected Computers:	94,718

First Seen:	February 15, 2013
Last Seen:	December 6, 2025
OS(es) Affected:	Windows

V9 Redirect Virus Image

The V9 Redirect Virus is a browser hijacker designed to force computer users to visit the URL v9.com/us repeatedly. This is done in order to generate traffic to this particular website, allowing various forms of monetizing this traffic, such as using affiliate marketing advertising or pay-per-click schemes to profit from infected visitors to this website. The V9 Redirect Virus typically enters a computer because of existing vulnerabilities in your applications or operating system. These can be exploited by specifically crafted scripts contained in attack websites. The V9 Redirect Virus can also spread through malicious email attachments or instant messaging spam. Finally, versions of the V9 Redirect Virus are bundled as toolbars that are included in the installation of popular freeware software from a third party.

Table of Contents

The Consequence of a V9 Redirect Virus Infection

Once the V9 Redirect Virus infects a computer, the V9 Redirect Virus will change the infected computer's web browser's home page and default search engine to v9.com. The V9 Redirect Virus will also interfere with your online searches by always directing your search results to that website. Security analysts have also linked the V9 Redirect Virus to the appearance of unwanted pop-up advertisements. These can intrude on your work and interfere with normal online activities. V9 Redirect Virus has the capacity to keep track of your online habits and browser history.

While the functionality of hijackers may vary, most do what the name suggests - they mess with the user’s browser. V9, as well as many other hijackers, can infiltrate a user’s system through software bundle installers. Bad actors have refined numerous ways to sneak malware in bundles. Often the user isn’t even prompted whether they want to install everything in the bundle.

Once V9 has been installed it hijacks the victim’s browser homepage and default search engine. V9.com looks like a basic search engine page and currently, if someone tries to use it, it simply forwards the query to google.com and the user gets the same results they would get if they had done the Google search themselves. Previously, however, V9 would display completely different results mostly filled with ads and links to potentially malicious sites.

While the V9 Redirect Virus doesn’t seem to be a huge threat in its current state, users may want to still stay away because the connection the site uses is not secure and any searches may be tracked and data could be collected by bad actors. At best, V9 is completely useless and offers absolutely no added functionality for the user over a simple Google search.

Removing the V9 Redirect Virus is seldom a straightforward process. Even though there may be an uninstaller for this program, your web browser settings probably will need to be changed in order to restore your preferences to their defaults (such as your web browser's homepage and default search engine). Since the V9 Redirect Virus will often infect a computer along with various other forms of malware, the presence of this threat in a computer frequently indicates that other malware is present as well. In the event of a V9 Redirect Virus infection, ESG malware analysts advise PC users to analyze their entire machine with the aid of a fully updated and trustworthy anti-malware solution. To prevent further infections, ESG malware analysts advise using safe browsing practices and never downloading freeware software from sources other than the manufacturer.

SpyHunter Detects & Remove V9 Redirect Virus

File System Details

V9 Redirect Virus may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Newtabs_onmylike.dll	ec68d5ecd1ea15c81fc88dd6343c9080	705
Name: Newtabs_onmylike.dll MD5: ec68d5ecd1ea15c81fc88dd6343c9080 Size: 68.48 KB (68488 bytes) Detections: 705 Type: Dynamic link library Path: C:\WINDOWS\system32\Newtabs_onmylike.dll Group: Malware file Last Updated: October 13, 2024
2.	iSafeSvc.exe	0ff2898075716f58332dfd570160115a	561
Name: iSafeSvc.exe MD5: 0ff2898075716f58332dfd570160115a Size: 238.4 KB (238408 bytes) Detections: 561 Type: Executable File Path: %PROGRAMFILES%\iSafe Group: Malware file Last Updated: July 16, 2013
3.	iSafeSvc2.exe	c7590b83285f76abc6636de7abbcf2d2	548
Name: iSafeSvc2.exe MD5: c7590b83285f76abc6636de7abbcf2d2 Size: 69.96 KB (69960 bytes) Detections: 548 Type: Executable File Path: %PROGRAMFILES%\iSafe Group: Malware file Last Updated: July 16, 2013
4.	iSafeTray.exe	1a2d335d2d6e8c088b79f892d6188cfe	503
Name: iSafeTray.exe MD5: 1a2d335d2d6e8c088b79f892d6188cfe Size: 403.27 KB (403272 bytes) Detections: 503 Type: Executable File Path: %PROGRAMFILES%\iSafe Group: Malware file Last Updated: July 16, 2013
5.	RegAssociate.exe	5b9c994332dcd47cf391748604d359df	65
Name: RegAssociate.exe MD5: 5b9c994332dcd47cf391748604d359df Size: 55.42 KB (55424 bytes) Detections: 65 Type: Executable File Path: %SYSTEMDRIVE%\BKP CLAUDIA 11-07-19\C\Bkp Berton Claudia -14.08.15\C\Program Files\Software Plate\RegAssociate.exe Group: Malware file Last Updated: June 2, 2025
6.	update.exe	d8e7fbec59da34ee1c7015bbb99c4035	42
Name: update.exe MD5: d8e7fbec59da34ee1c7015bbb99c4035 Size: 234.65 KB (234656 bytes) Detections: 42 Type: Executable File Path: C:\Program Files (x86)\Software Plate\update.exe Group: Malware file Last Updated: December 7, 2025
7.	v9	dd2373d237be64c5f7eeb058c937f064	35
Name: v9 MD5: dd2373d237be64c5f7eeb058c937f064 Size: 1.46 MB (1469368 bytes) Detections: 35 Path: C:\Users\<username>\AppData\Local\Temp\vmware-enigma\VMwareDnD\6de5bc45\Parasite Samples\2018 08 21\v9 Group: Malware file Last Updated: September 22, 2022
8.	newtabs.exe	ad9586fb316b4c67298609402952f76a	6
Name: newtabs.exe MD5: ad9586fb316b4c67298609402952f76a Size: 261.03 KB (261032 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES(x86)%\newtabs Group: Malware file Last Updated: October 22, 2014
9.	v9ht.exe	90f9ec1d410fe7a8723b427a91b3d058	2
Name: v9ht.exe MD5: 90f9ec1d410fe7a8723b427a91b3d058 Size: 1.49 MB (1491896 bytes) Detections: 2 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\7ZipSfx.000\v9ht.exe Group: Malware file Last Updated: January 31, 2022
10.	llynew_v9.exe	2f20dca2ea38d22377a8feafa087a550	2
Name: llynew_v9.exe MD5: 2f20dca2ea38d22377a8feafa087a550 Size: 689.8 KB (689808 bytes) Detections: 2 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: December 25, 2020
11.	gdpclient.exe	deec43eea17d5ec3113c39f8b8375d84	1
Name: gdpclient.exe MD5: deec43eea17d5ec3113c39f8b8375d84 Size: 241.82 KB (241824 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Software Plate Group: Malware file Last Updated: July 9, 2013
12.	svcgdp.exe	71dcb870d229926054a2ae997b52d20f	1
Name: svcgdp.exe MD5: 71dcb870d229926054a2ae997b52d20f Size: 92.83 KB (92832 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Software Plate Group: Malware file Last Updated: July 9, 2013
13.	Newtabs_v9.dll	0bfe35fccd3c784d558672fd58b074b6	1
Name: Newtabs_v9.dll MD5: 0bfe35fccd3c784d558672fd58b074b6 Size: 60.92 KB (60928 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: October 22, 2014
14.	v9loader.dll	461e5d6ae759262ad81b75f0df1759ae	1
Name: v9loader.dll MD5: 461e5d6ae759262ad81b75f0df1759ae Size: 434.1 KB (434104 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: April 9, 2016
15.	MailUpdate.exe	931a6b06d958af1adb18b870421ce358	1
Name: MailUpdate.exe MD5: 931a6b06d958af1adb18b870421ce358 Size: 792.06 KB (792064 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\MailUpdate Group: Malware file Last Updated: January 13, 2015
16.	v9hpnt_v2.exe	acf210196d32fa22e1e7175b667d2c51	0
Name: v9hpnt_v2.exe MD5: acf210196d32fa22e1e7175b667d2c51 Size: 489.32 KB (489328 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: September 11, 2013

More files

Registry Details

V9 Redirect Virus may create the following registry entry or registry entries:

CLSID

{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

{4F15CD3F-3B21-444F-838D-50F8CF62BAC2}

{742E70CF-7770-412d-86CB-230B322E807C}

{967CD81E-A11D-4706-AC78-8F17C8677B2A}

{DF35E8DC-7F5D-4503-B201-7239A46BEE20}

{E7A19171-B1FA-460B-84A8-557C70A925CF}

{F386E548-C533-472E-8C61-C026FB14FEA9}

File name without path

http_pl.v9.com_0.localstorage

http_pl.v9.com_0.localstorage-journal

http_www.v9.com_0.localstorage

http_www.v9.com_0.localstorage-journal

V9 player.lnk

V9.lnk

www.v9[1].xml

Regexp file mask

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\newtab.crx

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx

%PROGRAMFILES%\Google\Chrome\User Data\Default\Extensions\v9.crx

%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\v9.xml

%PROGRAMFILES%\Mozilla Firefox\searchplugins\v9.xml

%ProgramFiles(x86)%\Google\Chrome\User Data\Default\Extensions\v9.crx

%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\v9.xml

%PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\v9.xml

%TEMP%\V9._[NUMBERS]_[NUMBERS].exe

%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx

%WINDIR%\system32\v9-toolbar.dll

%WINDIR%\system32\v9loader.dll

%WINDIR%\SysWOW64\v9-toolbar.dll

%WINDIR%\SysWOW64\v9loader.dll

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\V9Loader.DLL

SOFTWARE\Classes\AppID\{1F5E3BD2-A706-4375-B94E-4B8E769736D5}

SOFTWARE\Classes\V9_ToolBar.V9_ToolBar

SOFTWARE\Classes\V9_ToolBar.V9_ToolBar.1

SOFTWARE\Classes\V9Loader.BHOLoader

SOFTWARE\Classes\V9Loader.BHOLoader.1

Software\Microsoft\Internet Explorer\Approved Extensions\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Internet Explorer\DOMStorage\pl.v9.com

Software\Microsoft\Internet Explorer\DOMStorage\v9.com

Software\Microsoft\Internet Explorer\DOMStorage\www.v9.com

Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com

Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{742E70CF-7770-412D-86CB-230B322E807C}

SOFTWARE\Microsoft\Tracing\V9_RASAPI32

SOFTWARE\Microsoft\Tracing\V9_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{742E70CF-7770-412D-86CB-230B322E807C}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{742E70CF-7770-412D-86CB-230B322E807C}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}

SOFTWARE\v9magic

SOFTWARE\V9Software

SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\V9_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F386E548-C533-472E-8C61-C026FB14FEA9}

Software\Wow6432Node\v9magic

SOFTWARE\Wow6432Node\V9Software

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

v9 uninstall

v9 uninstaller

V9Software

Directories

V9 Redirect Virus may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\V9 player

%AppData%\v9

%PROGRAMFILES%\v9Soft

%PROGRAMFILES(x86)%\v9Soft

%TEMP%\v9_Downloader

%temp%\V9Zip_000

URLs

V9 Redirect Virus may call the following URLs:

.v9.com

http://v9.com/

v9search.com

10 Comments

joseph 11 years ago Reply

my notebook shuts down by it self and the screen turns a bright colour

ray Sotto 7 years ago Reply

I want to get rid of myway from my computer

Mohammad R Moghaddam 7 years ago Reply

thnak you

cornelis coetzee 7 years ago Reply

my computer did't want to process a request

vanesa ramirezramirez 7 years ago Reply

I want to have an antivirus to protect my pc

Ralf Hamerla ( from Germany ) 7 years ago Reply

Does there exist a program ( Freeware ) that deletes all actual Viruses ? Thank You

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

V9 Redirect Virus

Threat Scorecard

EnigmaSoft Threat Scorecard

The Consequence of a V9 Redirect Virus Infection

SpyHunter Detects & Remove V9 Redirect Virus

File System Details

Registry Details

Directories

URLs

10 Comments

Submit Comment

Trending

WxSaler

Rplnd28.com

TermTrident Ads

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen